PKCS1

In cryptography, PKCS#1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations.

The current version, 2.1, was published in June 2002, and was also republished as RFC 3447 in February 2003.

Keys

The PKCS#1 standard defines the mathematical definitions and properties that RSA public and private keys must have. The traditional key pair is based on a modulus, n, which is the product of two distinct large prime numbers, p and q, such that n = pq.

Starting with version 2.1, this definition was generalized to allow for multi-prime keys, where the number of distinct primes may be two or more. For multi-prime keys the prime factors are labelled r_i for some i, such that:

: $n = r_1 \cdot r_2 \cdots r_u$, for $u \ge 2$

As a notational convenience, p = r_1 and q = r_2.

The RSA public key is represented as the tuple (n, e), where the integer e is the public exponent.

The RSA private key may have two representations. The first compact form is the tuple (n, d), where d is the private exponent. The second form has at least five terms, or more for multi-prime keys. Although mathematically redundant to the compact form, the additional terms allow for certain computational optimizations when using the key.

Primitives

The standard defines several basic primitives. The primitive operations provide the fundamental instructions for turning the raw mathematical formulas into computable algorithms.

* I2OSP, OS2IP: conversion between the potentially large nonnegative integers encountered in the mathematical formulas and their computer data representation as a sequence of bytes (an octet string).
* RSAEP, RSADP: basic encryption and decryption algorithms.
* RSASP1, RSAVP1: algorithms for producing and verifying signatures.
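The following block implements the primitives listed above, together with both private key forms from the Keys section (the compact (n, d) form and the five-term CRT form). It is an example added here, not code from the standard or from RSA Laboratories. The key (p = 61, q = 53, e = 17) is a constructed textbook example, far too small to be secure; the helper `crt_form`, the function `rsadp_crt` and the constant names are this example's own choices.

```python
"""PKCS#1 (RFC 3447) primitives on a constructed textbook-size key.

Added example, not code from the standard.  The key is built from the
primes p = 61 and q = 53 so every value can be checked by hand; it is
far too small for any real use.
"""

# --- Constructed key material ---------------------------------------------
P, Q = 61, 53                       # two distinct primes, n = p * q
N = P * Q                           # 3233
E = 17                              # public exponent
# RFC 3447 defines d modulo lcm(p-1, q-1); computing it modulo (p-1)(q-1)
# also satisfies e*d = 1 (mod lcm), so it is a valid private exponent.
D = pow(E, -1, (P - 1) * (Q - 1))   # 2753

PUB = (N, E)                        # RSA public key (n, e)
PRIV = (N, D)                       # first (compact) private key form (n, d)


def crt_form(p, q, d):
    """Second (five-term) private key form: (p, q, dP, dQ, qInv)."""
    return (p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


PRIV_CRT = crt_form(P, Q, D)


# --- Data conversion primitives (RFC 3447 section 4) -----------------------
def i2osp(x, x_len):
    """Integer-to-Octet-String: big-endian encoding of x in exactly x_len bytes."""
    if x < 0 or x >= 256 ** x_len:
        raise ValueError("integer too large")
    return x.to_bytes(x_len, "big")


def os2ip(octets):
    """Octet-String-to-Integer: the inverse of i2osp."""
    return int.from_bytes(octets, "big")


# --- Cryptographic primitives (RFC 3447 section 5) --------------------------
def rsaep(pub, m):
    """Encryption primitive: c = m^e mod n, requiring 0 <= m < n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message representative out of range")
    return pow(m, e, n)


def rsadp(priv, c):
    """Decryption primitive with the compact (n, d) form: m = c^d mod n."""
    n, d = priv
    if not 0 <= c < n:
        raise ValueError("ciphertext representative out of range")
    return pow(c, d, n)


def rsadp_crt(priv_crt, c):
    """Decryption primitive with the five-term form (RFC 3447 5.1.2, step 2b).

    Same result as rsadp, but two half-size exponentiations are cheaper than
    one full-size one: this is the optimisation the redundant terms exist for.
    """
    p, q, dp, dq, qinv = priv_crt
    if not 0 <= c < p * q:
        raise ValueError("ciphertext representative out of range")
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = ((m1 - m2) * qinv) % p
    return m2 + q * h


def rsasp1(priv, m):
    """Signature primitive: the rsadp arithmetic applied to a message representative."""
    return rsadp(priv, m)


def rsavp1(pub, s):
    """Verification primitive: the rsaep arithmetic applied to a signature representative."""
    return rsaep(pub, s)


if __name__ == "__main__":
    k = (N.bit_length() + 7) // 8                 # octet length of n: 2 bytes here
    c = rsaep(PUB, 65)                            # 65^17 mod 3233 = 2790
    assert rsadp(PRIV, c) == rsadp_crt(PRIV_CRT, c) == 65
    assert os2ip(i2osp(c, k)) == c
    print("c =", c, "as octets:", i2osp(c, k).hex())
```

Note the range checks: RFC 3447 requires each primitive to reject a representative that is not in [0, n-1], and I2OSP must refuse an integer that does not fit in the requested number of octets rather than silently truncating it.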

Schemes

By themselves the primitive operations do not necessarily provide any security. The concept of a cryptographic scheme is to define higher level algorithms or uses of the primitives so they achieve certain security goals.

There are two schemes for encryption and decryption:
* RSAES-OAEP: improved encryption/decryption scheme; based on the Optimal Asymmetric Encryption Padding scheme proposed by Mihir Bellare and Phillip Rogaway.
* RSAES-PKCS1-v1_5: older encryption/decryption scheme as first standardized in version 1.5 of PKCS#1.

There are also two schemes for dealing with signatures:
* RSASSA-PSS: improved probabilistic signature scheme with appendix; based on the Probabilistic Signature Scheme originally invented by Bellare and Rogaway.
* RSASSA-PKCS1-v1_5: old signature scheme with appendix as first standardized in version 1.5 of PKCS#1.

The two signature schemes make use of separately defined encoding methods:
* EMSA-PSS: encoding method for signature appendix, probabilistic signature scheme.
* EMSA-PKCS1-v1_5: encoding method for signature appendix as first standardized in version 1.5 of PKCS#1.

The signature schemes are signatures "with appendix", which means that rather than signing the input data directly, a hash function is first applied to produce an intermediate representation of the data, and that hash value is what gets signed. This technique is almost always used with RSA because the amount of data that can be signed directly is limited by the size of the key, which is almost always far smaller than the amount of data an application wishes to sign.
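The hash-then-sign construction described above, worked through for RSASSA-PKCS1-v1_5 and its EMSA-PKCS1-v1_5 encoding method from the lists in this section, as an example added here rather than code from the standard or from RSA Laboratories. It hashes the message with SHA-256, wraps the digest in the DigestInfo structure, pads it to the modulus length, and only then applies the RSASP1/RSAVP1 arithmetic. The key pair is generated at run time from probable primes with an assumed 512-bit modulus so that it runs quickly; the key size, the Miller-Rabin helper, the function names and the sample message are this example's own choices, not anything the standard prescribes.

```python
"""RSASSA-PKCS1-v1_5 with SHA-256 (RFC 3447 sections 8.2 and 9.2).

Added example, not code from the standard.  The 512-bit key and the plain
Miller-Rabin prime search are for illustration only.
"""
import hashlib
import hmac
import secrets

PUBLIC_EXPONENT = 65537

# DigestInfo prefix for SHA-256 (RFC 3447 section 9.2, note 1): DER of the
# AlgorithmIdentifier plus the OCTET STRING header preceding the 32-byte digest.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin probable-prime test (example helper)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)) with an n of about `bits` bits (demo size)."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        # e is prime, so gcd(e, phi) != 1 exactly when e divides phi.
        if p != q and phi % PUBLIC_EXPONENT:
            n = p * q
            return (n, PUBLIC_EXPONENT), (n, pow(PUBLIC_EXPONENT, -1, phi))


def emsa_pkcs1_v1_5_encode(message, em_len):
    """EMSA-PKCS1-v1_5: EM = 0x00 || 0x01 || PS || 0x00 || T, T = DigestInfo || H(M)."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)        # at least 8 bytes of 0xff
    return b"\x00\x01" + ps + b"\x00" + t


def rsassa_pkcs1_v1_5_sign(priv, message):
    n, d = priv
    k = (n.bit_length() + 7) // 8               # octet length of the modulus
    em = emsa_pkcs1_v1_5_encode(message, k)     # hash first, then encode ...
    m = int.from_bytes(em, "big")               # OS2IP
    s = pow(m, d, n)                            # RSASP1: ... then sign the encoding
    return s.to_bytes(k, "big")                 # I2OSP


def rsassa_pkcs1_v1_5_verify(pub, message, signature):
    """True iff signature is valid for message under pub (RFC 3447 8.2.2)."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")        # OS2IP
    if s >= n:                                  # RSAVP1 range check
        return False
    em = pow(s, e, n).to_bytes(k, "big")        # RSAVP1, then I2OSP
    try:
        expected = emsa_pkcs1_v1_5_encode(message, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)    # compare the whole EM, never parse it


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"constructed sample message"          # constructed input
    sig = rsassa_pkcs1_v1_5_sign(priv, msg)
    print(len(sig), rsassa_pkcs1_v1_5_verify(pub, msg, sig),
          rsassa_pkcs1_v1_5_verify(pub, msg + b"!", sig))
```

Two design points are worth noticing. Verification re-encodes the message and compares the complete encoded block, exactly as RFC 3447 section 8.2.2 specifies, instead of unpacking the recovered block and looking for a digest inside it. And because the encoding contains no randomness, the same key and message always yield the same signature; that determinism is what separates this scheme from the probabilistic RSASSA-PSS listed above.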

Version history

* Versions 1.1–1.3, February through March 1991, privately distributed.
* Version 1.4, June 1991, published for NIST/OSI Implementors' Workshop.
* Version 1.5, November 1993. First public publication. Republished as RFC 2313.
* Version 2.0, September 1998. Republished as RFC 2437.
* Version 2.1, June 2002. Republished as RFC 3447.

External links

* [http://www.rsa.com/rsalabs/node.asp?id=2125 PKCS #1: RSA Cryptography Standard], RSA Laboratories
* RFC 3447
* [http://www.rsa.com/rsalabs/node.asp?id=2005 Raising the Standard for RSA Signatures: RSA-PSS], Burt Kaliski, RSA Laboratories, February 26, 2003.


Wikimedia Foundation. 2010.
